Bitdefender believes malware could be part of a high-level cyber-espionage campaign

Government agencies have been targeted by a malware framework known as Netrepset since May 2016 in what could be part of a high-level cyber-espionage campaign.

That's according to researchers at IT security company Bitdefender, who had initially looked into the malware last year.

Its threat response team isolated several samples from the 'internal malware zoo' while looking into a custom file-packing algorithm. A deeper look into its telemetry revealed that the malware was strictly affecting a limited pool of hosts belonging to a number of IP addresses marked as sensitive targets - mostly government agencies.

The malware can be paired with advanced spear phishing techniques in a bid to collect intelligence - and this is why Bitdefender presumes it is part of a high-level campaign.

Bitdefender said that the unusual build of the malware could easily have made it pass for a regular threat, like many of those that organisations block on a daily basis. However, it is more complex than many of those threats, as it has a repertoire of methods for stealing information, including keylogging and password and cookie theft.

It is built using a recovery toolkit provided by Nirsoft, which Bitdefender suggested was a legitimate, yet controversial tool.

"The controversy stems from the fact that the applications provided by Nirsoft are used to recover cached passwords or monitor network traffic via powerful command-line interfaces that can be instructed to run completely covertly," said Bitdefender.

"For a long time now, the antimalware industry has flagged the tools provided by Nirsoft as potential threats to security specifically because they are extremely easy to abuse, and oversimplify the creation of powerful malware," it added.

But the security company emphasised that even though Netrepset malware uses free tools and utilities to carry out jobs, the combination of the complexity of the attack and the targets involved suggests that it is "more than a commercial-grade tool".

For example, the criminals behind the malware have even included a 'killswitch' job to clean up after themselves after exfiltration.

"This option is key in establishing that this is not an opportunistic attack, but rather a well-designed espionage campaign with multiple redundancies and, ultimately, a way to deter forensic processes that might recover evidence," the company said.

The group behind the malware has compromised approximately 500 computers and exfiltrated an unknown number of documents, login credentials or other pieces of intelligence since May 2016.

Bitdefender said that because of the nature of the attacks, attribution was impossible without digging into the realm of speculation.
